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CRYPTOGRAPHIC COMBINER USING TWO SEQUENTIAL 
NON-ASSOCIATIVE OPERATIONS 

5 

The Field of the Invention 

The present invention generally relates to cryptosystems, and more 
particularly relates to private-key stream cipher cryptosystems w^hich combine a 
keystream with plaintext to encrypt the plaintext into ciphertext and combine the 
1 0 ciphertext with a keystream to decipher the ciphertext into plaintext. 

Background of the Invention 

Cryptosystems perform cryptography to transform plaintext into 
ciphertext so that only an authorized receiver can transform the ciphertext back 

1 5 into the original plaintext. Encryption or enciphering is the process that 

transforms plaintext into ciphertext. Decryption or deciphering is the process 
that transforms ciphertext into plaintext. 

A parameter called an encryption key is employed by a cryptosystem to 
prevent the plaintext from being easily revealed by an unauthorized person. A 

20 sender transforms a given plaintext into one of a large variety of possible 

ciphertexts selected by the specific encryption key. A receiver of the ciphertext 
deciphers the ciphertext by employing a parameter referred to as a decryption 
key. In a public-key cryptosystem, the encryption key is made pubUc while the 
decryption key is kept secret. Therefore, in pubUc key cryptosystems, the 

25 decryption key must be computationally infeasible to deduce from the 

encryption key. In a private-key cryptosystem, the sender and the receiver 
typically share a common key that is used for both enciphering and deciphering. 
In such a private-key cryptosystem, the common key is alterable and must be 
kept secret. 

30 Private-key cryptosystems are typically implemented as block cipher 

cryptosystems or stream cipher cryptosystems. Block cipher cryptosystems 
divide the plaintext into blocks and encipher each block independently using a 
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stateless transform. In block cipher cryptosystems, if one fixed common private- 
key is employed to encipher different occurrences of a particular plaintext block, 
all of these occurrences are encrypted into identical corresponding ciphertext 
blocks. Therefore, the block size is preferably selected to be large enough to 
5 frustrate attacks from a cryptanalyst, which analyzes the occurrence frequencies 
of various patterns among the ciphertext blocks. Example block sizes are 64 bits 
and 128 bits. 

In stream cipher cryptosystems, the plaintext is typically encrypted on a 
bit-by-bit or word-by-word basis using a stateful transform that evolves as the 

10 encryption progresses. In encrypting the plaintext binary data sequence for 

transmission as a ciphertext binary data sequence, the common private-key is a 
parameter that typically controls a pseudo-random number generator to create a 
long sequence of binary data referred to as a key stream. The stream cipher 
cryptosystem includes a cryptographic combiner, which combines the keystream 

1 5 with the plaintext sequence. The cryptographic combiner is typically 

implemented with exclusive-or (XOR) bit- wise logic gates, which perform bit- 
wise modulo-2 addition. The cryptographic combiner produces the ciphertext. 
At the receiver, the common private-key controls a receiver pseudo-random 
number generator to produce a decryption keystream. The decryption keystream 

20 is combined with a decryption combiner to decrypt the ciphertext to provide the 
plaintext to the receiver. 

One problem with stream cipher cryptosystems is the difficulty of 
generating a long, statistically uniform, and unpredictable sequence of binary 
data in the keystream from a short and random key. Such sequences are 

25 desirable in the keystream in cryptography to make it impossible, given a 

reasonable segment of its data and sufficient computer resources, to find out 
more about the sequences. Because of the difficulty in producing sequences that 
are completely unpredictable, it is desirable to have a combiner that reveals as 
little as possible about the keystream to an adversary having knowledge of the 

30 plaintext corresponding to some ciphertext (a so called "known plaintext 
attack"). 
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There are four general requirements for cryptographically secure 
keystream pseudo-random number generators. First, the period of a keystream 
must be large enough to accommodate the length of the transmitted message. 
Second, the keystream output bits must have good statistical properties (e.g. 
5 values are uniformly distributed). Third, the keystream output bits must be easy 
to generate. Fourth, the keystream output bits must be hard to predict. For 
example, given the pseudo-random number generator and the first N output bits, 
a(0), a(l),. . ., a(N-l), it should be computationally infeasible to predict the 
(N+1)* bit a(N) in a sequence with better than a 50-50 chance. In otherwords, a 

1 0 cryptanalyst should not be able to generate other forward bits or backward bits if 
presented with a given portion of the keystream output sequence. 

The receiver decryption combiner operation must be the inverse of the 
sender encryption combiner. The most common combiner operation is bit- wise 
XOR. One problem with the XOR combiner operation is that, if some or all of 

1 5 the plaintext of a message is known, the known plaintext can be combined with 
the associated ciphertext to reveal all or part of the keystream. This could enable 
one to read other messages sent under the same key, or to forge ciphertext 
messages that will decrypt to whatever plaintext is desired by an adversary. A 
second problem with the XOR combiner operation is that an accidental double 

20 encryption causes all of the plaintext to become visible. Another problem with 
the XOR combiner operation is that two ciphertexts using the same key can be 
XORed together by a cryptanalyst to eliminate the keystream and leave the XOR 
of two plaintexts. The low entropy of languages, such as the English language, 
allows for the XOR of two plaintexts to be resolved into its two original 

25 plaintext messages. Furthermore, if the keystream period is smaller than a 
message, this type of cryptanalysis also can be performed by dividing a 
ciphertext message into portions the size of the keystream and XORing the 
portions together to eliminate the keystream and leave the XOR of the plaintext 
portions. 

30 Another problem with the XOR combiner operation is that it allows an 

adversary to manipulate the contents of the message with only trivial information 
about its structure. If an adversary wants to change some bit(s) in the received 
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plaintext, all that need be done is to intercept the ciphertext message, invert the 
ciphertext bit(s) corresponding to the plaintext bit(s) the adversary wants to 
change, and then send the message on to the receiver. The only knowledge that 
an adversary needs is the location within the message of the bit(s) to be changed. 
5 Similar problems as those discussed above exist in all linear combiners, 

although typically not as severe as in an XOR combiner. Some very complex 
cryptographic combiners solve some of the above-problems. These very 
complex cryptographic combiners are, however, quite expensive in terms of time 
and/or hardware resources. One example cryptographic combiner in this very 

1 0 complex category is a permutation table combiner. The permutation table is 
required to have a table the size of the plaintext alphabet. For example, if the 
plaintext unit size is 32 bits, the permutation table needs to be 16 gigabytes. On 
the other hand, if the plaintext unit size is 8 bits, the permutation table size is 
only required to be 256 bytes, but encrypting 8 bit plaintext units is typically 4 

1 5 times slower than using 32 bit plaintext units. In addition, the smaller plaintext 
unit size limits the amount of plaintext diffusion. Plaintext diffusion means that 
plaintext bits can affect the encryption of other plaintext bits. Diffusion is 
desirable because it makes cryptanalysis more difficult. The XOR combiner 
operation has no plaintext diffusion. 

20 For reasons stated above and for other reasons presented in greater detail 

in the Description of the Preferred Embodiments section of the present 
specification, a cryptographic combiner is desired for stream cipher 
cryptosystems wherein known plaintext can not be combined with associated 
ciphertext to reveal the keystream, and wherein accidental double encryption 

25 does not remove the keystream from the combined output bits. In addition, there 
is a need for a cryptographic combiner where the same keystream cannot be used 
to combine two ciphertext to eliminate the keystream and leave the combiner 
■ operation of the two original plaintext messages. Such a desired cryptographic 
combiner should be relatively inexpensive in time and hardware resources. 
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Summary of the Invention 

The present invention provides a stream cipher cryptosystem including a 
keystream generator receiving a key and providing a keystream. The stream 
cipher cryptosystem also includes a cryptographic combiner receiving a first 
5 binary data sequence and the keystream. The cryptographic combiner performs 
two sequential non-associative operations on the first binary data sequence and 
the keystream to provide a second binary data sequence. 

In encryption operations, the cryptographic combiner is an encryption 
combiner and the first binary data sequence is a plaintext binary data sequence 
10 and the second binary data sequence is a ciphertext binary data sequence. In 

decryption operations, the cryptographic combiner is a decryption combiner and 
the first binary data sequence is a ciphertext binary data sequence and the second 
binary data sequence is a plaintext binary data sequence. 

In one embodiment, the two sequential non-associative operations are 
1 5 integer addition and XOR. In another embodiment, the two sequential non- 
associative operations are integer subtraction and XOR. Other embodiments 
employ other non-associative operations, including modular multiplication and 
XOR, inverse modular multiphcation and XOR, rotate right and XOR, and rotate 
left and XOR. 

20 In one form of the present invention, a stream cipher cryptosystem 

includes an encryption pseudo-random number generator receiving a key and 
providing an encryption keystream. An encryption combiner receives a first 
plaintext binary data sequence and the encryption keystream. The encryption 
combiner performs a first set of two non-associative operations on the first 

25 plaintext binary data sequence and the encryption keystream to provide a 

ciphertext binary data sequence. A decryption pseudo-random number generator 
receives the key and provides a decryption keystream. A decryption combiner 
■ receives the ciphertext binary data sequence and the decryption keystream. The 
decryption combiner performs a second set of two non-associative operations on 

30 the ciphertext binary data sequence and the decryption keystream to provide a 
second plaintext binary data sequence substantially similar to the first plaintext 
binary data sequence. In this form of the present invention, each operation in the 
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second set is the inverse of an operation in the first set and the operations in the 
second set are performed in the reverse order of the operation in the first set. 

The stream cipher cryptosystem according to the present invention 
includes a cryptographic combiner using two sequential non-associative 
5 operations wherein known plaintext can not be combined with associated 
ciphertext to reveal the keystream, and wherein accidental double encryption 
does not remove the keystream from the combined output bits. Li the 
cryptographic combiner operation according to the present invention, combining 
two ciphertexts does not eliminate the keystream and leave a combination of the 
10 two original plaintext messages. Nevertheless, the cryptographic combiner 
operation according to the present invention requires a minimal increase of 
resoiirces over conventional XOR and other linear combiner operations. 

Brief Description of the Drawings 

15 Figure 1 is a block diagram of a cryptosystem according to the present 

invention. 

Figure 2 is one embodiment of a cryptosystem 's combiners according to 
the present invention. 

20 

Description of the Preferred Embodiments 

In the following detailed description of the preferred embodiments, 
reference is made to the accompan3dng drawings, which form a part hereof, and 
in which is shown by way of illustration specific embodiments in which the 

25 invention may be practiced. It is to be understood that other embodiments may 
be utilized and structural or logical changes may be made without departing 
from the scope of the present invention. The following detailed description, 
therefore, is not to be taken in a limiting sense, and the scope of the present 
invention is defined by the appended claims. 

30 A private-key stream cipher cryptosystem according to the present 

invention is illustrated generally at 20 in Figure 1 in block diagram form. 
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Stream cipher crypto system 20 includes a sender 22, such as a computer system, 
and a receiver 42, such as a computer system. 

Sender 22 includes a pseudo-random number generator 24 and an 
encryption combiner 26. Pseudo-random number generator 24 receives a 
5 private-key 32, which controls pseudo-random number generator 24 to produce 
an encryption key stream 28 to be provided to encryption combiner 26. In the 
embodiment illustrated in Figure 1 , an initialization vector 34 is also provided to 
pseudo-random number generator 24 to ensure that encryption keystream 28 is 
not the same even if the same private-key 32 is used to control pseudo-random 
10 number generator 24 for multiple messages. Initialization vector 34 can be 

embodied as a sequence number to ensure that every message that is encrypted is 
sUghtly different. 

Plaintext 30 is also provided to encryption combiner 26. Plaintext 30 is a 
binary data sequence. Encryption combiner 26 combines plaintext 30 and 
1 5 encryption keystream 28 to form ciphertext 36, which is also a binary data 
sequence. 

Receiver 42 includes pseudo-random number generator 44 and 
decryption combiner 46. Pseudo-random number generator 44 receives private- 
key 32', which is the same private-key as the private-key 32. Pseudo-random 

20 number generator 44 is controlled by private-key 32' to produce keystream 48, 
which is provided to decryption combiner 46. In the embodiment illustrated in 
Figure I, an initiaUzation vector 34', which is the same initialization vector as 
initialization vector 34, is provided to pseudo-random number generator 44 to 
ensure that decryption keystream 48 is identical to encryption keystream 28 for a 

25 given private key 32/32' and initialization vector 34/34'. 

Decryption combiner 46 receives ciphertext 36 and combines ciphertext 
36 with decryption keystream 48 to produce plaintext 30', which is a binary data 
sequence that substantially matches plaintext 30. 

There are many known pseudo-random number generators that are 

30 suitable for pseudo-random number generator 24 and pseudo-random number 
generator 44. As mentioned in the Background of the Invention section of the 
present specification, pseudo-random number generators 24 and 44 should have 
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the following general characteristics to produce cryptographically secure 
keystreams 28 and 48. First, the period of a keystream must be large enough to 
accommodate the length of the transmitted message. Second, the keystream 
output bits must be easy to generate. Third, the keystream output bits must be 
hard to predict. 

One embodiment of a portion of a cryptosystem according to the present 
invention is illustrated generally at 120 in Figure 2. Cryptosystem 120 includes 
a pair of cryptographic combiners 126 and 146, each configured to perform two 
sequential non-associative operations. Combiner 126 performs first encryption 
operation 126 A and then second encryption operation 126B. Combiner 146 
performs first decryption operation 146 A and then second decryption operation 
146B. In one embodiment, encryption combiner 126 performs an integer 
addition operation, which is represented by second encryption operation 126B, 
and an XOR operation, which is represented by first encryption operation 126A. 
Correspondingly, in this embodiment, decryption combiner 146 performs an 
XOR operation, which is represented by second decryption operation 146B, and 
an integer subtraction operation, which is represented by first decryption 
operation 146 A. The integer subtraction operation is an inverse of the integer 
addition operation, and the XOR operation is its own inverse. The encryption 
operation performed by one embodiment of combiner 126 is represented 
mathematically by the following Equation I: 

Equation I 

c = (p ^ kl) + k2 

wherein: 

c represents a unit of ciphertext, such as ciphertext 136; 
p represents a unit of plaintext, such as plaintext 130; 
^ represents an XOR operation; 

kl represents a first unit of an encrj^tion keystream, such as encryption 
keystream 128; and 

k2 represents a second unit of the encryption keystream, such as 
encryption keystream 128. 
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As indicated by Equation I, one embodiment of combiner 126 first 
performs an XOR operation on plaintext 130 and a first unit (kl) of encryption 
keystream 128, and then adds the result with a second unit (k2) of encryption 
keystream 128 to produce ciphertext 136. Alternatively, in one embodiment 
5 combiner 1 26 performs the integer addition operation first, followed by the XOR 
operation, to produce ciphertext 136. 

The operations in the above encryption Equation I are non-associative, 
such that (p ^ kl) + k2 9i p ^ (kl + k2). 

The decryption operation performed by one embodiment of combiner 
10 146 is represented mathematically by the following Equation II: 

Equation II 

p = (c-k2)^kl 

wherein: 

p represents a unit of plaintext, such as plaintext 130'; 
15 c represents a unit of ciphertext, such as ciphertext 136; 

represents an XOR operation; 
kl represents a first unit of a decryption keystream, such as decryption 
keystream 148; and 

k2 represents a second unit of the decryption keystream, such as 
20 decryption keystream 148. 

As indicated by Equation II, one embodiment of combiner 146 first 
subtracts a second unit (k2) of decryption keystream 148 from ciphertext 136, 
and performs an XOR operation on the result and a first unit (kl) of decryption 
keystream 148 to produce plaintext 130'. Alternatively, if combiner 126 is 
25 implemented in an embodiment that performs the integer addition operation first, 
followed by the XOR operation, combiner 146 is correspondingly implemented 
in an embodiment that performs the XOR operation first, followed by the integer 
subtraction operation. 

The operations in the above decryption Equation II are non-associative, 
30 such that (c - k2) ^ kl c - (k2 kl). 

Decr5rption keystream 148 is identical to keystream 128. Plaintext 130' is 
substantially similar to plaintext 130. 
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In an alternative embodiment of a portion of a cryptosystem according to 
the present invention, encryption combiner 126 performs an integer subtraction 
operation, represented by second encryption operation 126B, and an XOR 
operation, represented by first encryption operation 126 A. Correspondingly, in 
this embodiment, decryption combiner 146 performs an integer addition 
operation, represented by first decryption operation 146 A, and an XOR 
operation, represented by second decryption operation 146B. 

The encryption operation performed by one embodiment of combiner 
126 is represented mathematically by the following Equation III: 

Equation III 

c = (p^kl)-k2 

wherein: 

c represents a unit of ciphertext, such as ciphertext 136; 
p represents a unit of plaintext, such as plaintext 130; 
^ represents an XOR operation; 

kl represents a first unit of an encryption keystream, such as encryption 
keystream 128; and 

k2 represents a second unit of the encryption keystream, such as 
encryption keystream 128. 

As indicated by Equation III, one embodiment of combiner 126 first 
performs an XOR operation on plaintext 130 and a first unit (kl) of encryption 
keystream 128, and then a second unit (k2) of encryption keystream 128 is 
subtracted from the result of the XOR operation to produce ciphertext 1 36. 
Alternatively, one embodiment of combiner 126 performs the integer subtraction 
operation first, followed by the XOR operation, to produce ciphertext 136. 

The operations in the above encryption Equation III are non-associative, 
such that (p ^ kl) - k2 5^ p (kl - k2). 

The decryption operation performed by one embodiment of combiner 
146 is represented mathematically by the following Equation IV: 

Equation IV 

p = (c + k2) kl 

wherein: 
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p represents a unit of plaintext, such as plaintext 130'; 
c represents a unit of ciphertext, such as ciphertext 136; 

represents an XOR operation; 
kl represents a first unit of a decryption keystream, such as decryption 
5 keystream 148; and 

k2 represents a second unit of the decryption keystream, such as 
decryption keystream 148. 

As indicated by Equation IV, one embodiment of combiner 146 first adds 
a second unit (k2) of decryption keystream 148 to ciphertext 136, and performs 
10 an XOR operation on the result of the addition operation and the first unit (kl ) of 
decryption keystream 148 to produce plaintext 130'. Alternatively, if combiner 
126 is implemented in an embodiment that performs the integer subtraction 
operation first, followed by the XOR operation, combiner 146 is correspondingly 
implemented in an embodiment that performs the XOR operation first, followed 
15 by the integer addition operation. 

The operations in the above decryption Equation IV are non-associative, 
such that (c + k2) ^ kl ^ c + (k2 ^ kl). 

Decryption keystream 148 is identical to keystieam 128. Plaintext 130' is 
substantially similar to plaintext 130. 
20 With one of the operations performed by combiner 126, such as the 

integer addition operation or the integer subtraction operation, involving carry or 
borrow into succeedingly more significant bits, plaintext diffusion is provided. 
It is desired to have a carry or borrow possible for each bit position, because the 
carry or borrow produces diffusion among the plaintext bits. Plaintext diffusion 
25 means that plaintext bits can affect the encryption of other plaintext bits . 

In addition to the non-associative operations discussed above (e.g., 
integer addition and XOR, and integer subtraction and XOR), other non- 
associative operations can be used in the combiner operation of the present 
invention. For example, modular multiplication and XOR can be used. As 
30 another example, either a rotate left (a specified number of bits) or a rotate right 
(a specified number of bits) operation can be used in conjunction with an XOR 
operation. The inverse of these operations is then used for decryption. 
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It should be noted that the above-block diagram of Figure 2 is for 
illustrative purposes only and that the combiner according to the present 
invention can be implemented in either hardware or software. 

A cryptosystem according to the present invention, such as 
5 cryptosystems 20 and 120, employs cryptographic combiners that overcome 
problems with XOR and other linear combiners as discussed in the Background 
of the Invention section of the present specification. For example, known 
plaintext cannot be combined with associated ciphertext to reveal the keystream, 
and accidental double encryption does not remove the keystream. A complete 

10 message cannot be forged, and only the most significant bit of each encrypted 
unit is vulnerable. Similarly, adding multiple identically keyed messages 
together with the combiner operation according to the present invention does not 
remove a substantial amount of key, only the least significant bit of each 
encrypted unit is revealed. Since each combiner operation according to the 

1 5 present invention is substantially the same complexity as the XOR and other 

linear combiner operations, there is not the extensive expense in time, hardware 
and/or software resources of conventional very complex combiner operations. 

Although specific embodiments have been illustrated and described 
herein for purposes of description of the preferred embodiment, it will be 

20 appreciated by those of ordinary skill in the art that a wide variety of alternate 
and/or equivalent implementations calculated to achieve the same purposes may 
be substituted for the specific embodiments shown and described without 
departing from the scope of the present invention. Those with skill in the 
mechanical, electro-mechanical, electrical, and computer arts will readily 

25 appreciate that the present invention may be implemented in a very wide variety 
of embodiments. This apphcation is intended to cover any adaptations or 
variations of the preferred embodiments discussed herein. Therefore, it is 
manifestly intended that this invention be limited only by the claims and the 
equivalents thereof. 
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WHAT IS CLAIMED IS: 

1 . A stream cipher cryptosystem comprising: 

a source for providing an encryption keystream; 
5 an encryption combiner receiving a first plaintext binary data sequence 

and the encryption keystream and performing a first set of two non-associative 
operations on the first plaintext binary data sequence and the encryption 
keystream to provide a ciphertext binary data sequence; 

a source for providing a decryption keystream; and 
10 a decryption combiner receiving the ciphertext binary data sequence and 

the decryption keystream and performing a second set of two non-associative 
operations on the ciphertext binary data sequence and the decryption keystream 
to provide a second plaintext binary data sequence substantially similar to the 
first plaintext binary data sequence. 

15 

2. The stream cipher cryptosystem of claim 1 wherein each operation in the 
second set is the inverse of an operation in the first set. 

3. The stream cipher cryptosystem of claim 1 wherein the operations in the 
20 first set include an integer addition operation and an XOR operation, and the 

operations in the second set include an integer subtraction operation and an XOR 
operation. 

4. The stream cipher cryptosystem of claim 1 wherein the operations in the 
25 first set include an integer subtraction operation and an XOR operation, and the 

operations in the second set include an integer addition operation and an XOR 
operation. 

5. The stream cipher cryptosystem of claim 1 wherein the operations in the 
30 first set include a modular multiplication operation and an XOR operation, and 

the operations in the second set include an inverse modular multiplication 
operation and an XOR operation. 
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6. The stream cipher cryptosystem of claim 1 wherein the operations in the 
first set include an inverse modular multiplication operation and an XOR 
operation, and the operations in the second set include a modular multiplication 

5 operation and an XOR operation. 

7. The stream cipher cryptosystem of claim 1 wherein the operations in the 
first set include a rotate right operation and an XOR operation, and the 
operations in the second set include a rotate left operation and an XOR 

10 operation. 

8. The stream cipher cryptosystem of claim 1 wherein the operations in the 
first set include a rotate left operation and an XOR operation, and the operations 
in the second set include a rotate right operation and an XOR operation. 


9, A stream cipher cryptosystem comprising: 

a source for receiving a key and providing a keystream; and 
a cryptographic combiner receiving a first binary data sequence and the 
keystream and performing two sequential non-associative operations on the first 
20 binary data sequence and the keystream to provide a second binary data 
sequence. 

1 0. The stream cipher cryptosystem of claim 9 wherein the cryptographic 
combiner is an encryption combiner and the first binary data sequence is a 

25 plaintext binary data sequence and the second binary data sequence is a 
ciphertext binary data sequence. 


1 1 . The stream cipher cryptosystem of claim 9 wherein the cryptographic 
combiner is a decryption combiner and the first binary data sequence is a 
30 ciphertext binary data sequence and the second binary data sequence is a 
plaintext binary data sequence. 
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12. The stream cipher cryptosystem of claim 9 wherein the two sequential 
non-associative operations are an integer addition operation and an XOR 
operation. 

5 13. The stream cipher cr)/ptosystem of claim 9 wherein the two sequential 
non-associative operations are an integer subtraction operation and an XOR 
operation. 

14. The stream cipher cryptosystem of claim 9 wherein the two sequential 

1 0 non-associative operations are a modular multiplication operation and an XOR 
operation. 

1 5. The stream cipher cryptosystem of claim 9 wherein the two sequential 
non-associative operations are an inverse modular multiplication operation and 

15 an XOR operation. 

16. The stream cipher cryptosystem of claim 9 wherein the two sequential 
non-associative operations are a rotate right operation and an XOR operation. 

20 17. The stream cipher crj^tosystem of claim 9 wherein the two sequential 
non-associative operations are a rotate left operation and an XOR operation. 

18. A method of encrypting a plaintext binary data sequence, the method 
comprising the steps of: 
25 generating an encryption keystream as a function of a key; and 

combining the plaintext binary data sequence and the encryption 
keystream with two non-associative operations to provide a ciphertext binary 
data sequence. 

30 19. The method of claim 18 wherein the two non-associative operations 
include an integer addition operation. 
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include an XOR operation. 

2 1 . The method of claim 1 8 wherein the two non-associative operations 
5 include an integer subtraction operation. 

22. The method of claim 21 wherein the two non-associative operations 
include an XOR operation. 

10 23 . The method of claim 1 8 wherein the two non-associative operations 
include a modular multiplication operation. 

24. The method of claim 23 wherein the two non-associative operations 
include an XOR operation. 

15 

25. The method of claim 18 wherein the two non-associative operations 
include an inverse modular multiplication operation. 

26. The method of claim 25 wherein the two non-associative operations 
20 include an XOR operation. 

27. The method of claim 1 8 wherein the two non-associative operations 
include a rotate right operation. 

25 28. The method of claim 27 wherein the two non-associative operations 
include an XOR operation. 

■ 29. The method of claim 1 8 wherein the two non-associative operations 
include a rotate left operation. 

30 

30. The method of claim 29 wherein the two non-associative operations 
include an XOR operation. 
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31. A method of decrypting a ciphertext binary data sequence, the method 
comprising the steps of: 

generating a decryption keystream as a function of a key; and 
5 combining the ciphertext binary data sequence and the decryption 

keystream with two non-associative operations to provide a plaintext binary data 
sequence. 

32. The method of claim 3 1 wherein the two non-associative operations 
1 0 include an integer addition operation. 

33. The method of claim 32 wherein the two non-associative operations 
include an XOR operation. 

15 34. The method of claim 3 1 wherein the two non-associative operations 
include an integer subtraction operation. 

3 5 . The method of claim 34 wherein the two non-associative operations 
include an XOR operation. 

20 

36. The method of claim 3 1 wherein the two non-associative operations 
include a modular multiplication operation. 

37. The method of claim 36 wherein the two non-associative operations 
25 include an XOR operation. 

38. The method of claim 3 1 wherein the two non-associative operations 
include an inverse modular multiphcation operation. 

30 39. The method of claim 3 8 wherein the two non-associative operations 
include an XOR operation. 
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40. The method of claim 3 1 wherein the two non-associative operations 
include a rotate right operation. 

41 . The method of claim 40 wherein the two non-associative operations 
5 include an XOR operation. 

42. The method of claim 3 1 wherein the two non-associative operations 
include a rotate left operation. 

10 43. The method of claim 42 wherein the two non-associative operations 
include an XOR operation. 
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CRYPTOGRAPHIC COMBINER USING TWO SEQUENTIAL 
NON-ASSOCIATIVE OPERATIONS 

5 Abstract of the Disclosure 

A stream cipher cryptosystem includes a keystream generator receiving a 
key and providing a keystream. A cryptographic combiner combines a first 
binary data sequence and the keystream with two non-associative operations to 
provide a second binary data sequence. In encryption operations, the 

10 cryptographic combiner is an encryption combiner and the first binary data 

sequence is a plaintext binary data sequence and the second binary data sequence 
is a ciphertext binary data sequence. In decryption operations, the cryptographic 
combiner is a decryption combiner and the first binary data sequence is a 
ciphertext binary data sequence and the second binary data sequence is a 

1 5 plaintext binary data sequence. 
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DECLARATION, POWER OF ATTORNEY, AND PETITION 


Being duly sworn, I, a below-named inventor, depose and say that: (1) my residence, citizenship, and 
mailing address is radicated below; (2) I have reviewed and understand the contents of attached specification, 
including the claims, as amended by any amendment specifically referred to herein, (3) I believe that I am the 
original, first, and sole inventor or discoverer of the invention or discovery in 


dgscribed and claimed therein and for which a patent is sought; and (4) I hereby acknowledge my duty to disclose to 
the Patent and Trademark Office all raformation known to me to be material to the patentability as defined in Title 
37, Code of Federal Regulations, 1.56* 

I hereby appoint John G. Shudy, Jr. (Reg. No. 31,214); Steven E. Dicke (Reg. No. 38,431), Patrick G. 
Bilhg (Reg. No. 38,080), Timothy A. Czaja (Reg. No. 39,649), Thomas A. Rendos (Reg. No. 33,349); Michael R. 
Binzak (Reg. No. 38,081); Scott A. Lund (Reg. No. 41,166), William M. Hienz III (Reg. No. 37,069); and Jeffi:ey A. 
Hohnen (Reg. No. 38,492) as my attorneys with fiiU powers (including the powers of appointment, substitution, and 
revocation) to prosecute this apphcation and any division, continuation, continuation-in-part, reexamination, or 
reissue thereof, and to transact all business in the Patent and Trademark Office connected therewith. 

Please direct all correspondence in this case to: Customer Number Address Code 000128 

The undersigned petitioner declares further that all statements made herein of his own knowledge are tme 
and that all statements made on information and belief are believed to be time; and further that these statements were 
made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, 
or both, under Section 1001 of Title 18 of the United States Code and tiiat such willful false statements may 
jeopardize the validity of the apphcation or any patent issuing thereon. 

Wherefore, I pray for grant of Letters Patent for the mvention or discovery described and claimed in the 
attached specification and I hereby subscribe my name to the foregoing specification and claims, oath, power of 
attorney, and this petition, on the day set forth below. 


CRYPTOGRAPHIC COMBINER USING TWO SEQUENTIAL 


NON-ASSOCIATIVE OPERATIONS 



Residence: 7249 West Timber Lane 

Maple Grove, Minnesota 55369-5222 
Citizenship: United States of America 


1 


§1.56 Duty to disclose information material to patentability. 


(a) A patent by its very nature is affected with a public interest. The public interest is best served, and the 
most effective patent examination occurs when, at the time an application is being examined, the Office is aware of 
and evaluates the teachings of all information material to patentability. Each individual associated with the filing 
and prosecution of a patent apphcation has a duty of candor and good faith in dealing with the Office, which 
includes a duty to disclose to the Office all information known to that individual to be material to patentability as 
dpfined in this section. The duty to disclose information exists with respect to each pending claim \mtil the claim is 
cancelled or withdrawn fi-om consideration, or the application becomes abandoned. Information material to the 
patentability of a claim that is cancelled or withdrawn from consideration need not be submitted if the information 
is .pot material to the patentabiUty of any claim remaining under consideration in the application. There is no duty to 
submit information which is not material to the patentability of any existing claim. The duty to disclose all 
information known to be material to patentability is deemed to be satisfied if all information known to be material to 
patentability of any claim issued in a patent was cited by the Office or submitted to the Office in the manner 
prescribed by §§ 1.97(b)-(d) and 1.98. However, no patent will be granted on an application in connection with 
which jfraud on the Office was practiced or attempted or the duty of disclosure was violated through bad faith or 
intentional misconduct. The Office encourages applicants to carefully examine: 

(1) prior art cited in search reports of a foreign patent office in a coimterpart application, and 

(2) the closest information over which individuals associated with the filing or prosecution of a 
patent application beheve any pending claim patentably defines, to make sure that any material information 
contained therein is disclosed to the Office. 

(b) Under this section, information is material to patentability when it is not cumulative to information 
akeady of record or being made of record in the application, and 

(1) It establishes, by itself or in combination with other information, a prima facie case of 
unpatentability of a claun; or 

(2) It refutes, or is inconsistent with, a position the applicant takes in: 

(i) Opposing an argument of unpatentability rehed on by the Office, or 

(ii) Asserting an argument of patentability. 

A pruna facie case of impatentability is estabhshed when the information compels a conclusion that a claim is 
unpatentable under the preponderance of evidence, burden-of-proof standar, giving each term in the claun its 
broadest reasonable construction consistent with the specification, and before any consideration is given to evidence 
which may be submitted in an attempt to establish a contrary conclusion of patentability. 

(c) Individuals associated with the filing or prosecution of a patent apphcation within the meaning of this 
section are: 

(1) Each inventor named in the application; 

(2) Each attorney or agent who prepares or prosecutes the application; and 

(3) Every other person who is substantively involved in the preparation or prosecution of the 
application and who is associated with the inventor, with the assignee or with anyone to whom there is an obligaton 
to assign the application. 

(d) Individuals, other than the attorney, agent or inventor may comply with this section by disclosing 
information to the attorney, agent, or inventor. 
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